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REM ARKS 

The Examiner rejected claim 1 under 35 U.S.C. § 103(a) as allegedly being unpatentable 
over Shcrcr (U.S, Patent No. 6,1 15,376) in view of Glawitsch (US. Patent No. 6,772,334 Bl) 
and lurlhcr in view of Franty: (U,S. Patent No. 6,697,943 Bl ). 

The Examiner rejected claims 2-13 and 15-21 under 35 U.S.C. §103(a) as allegedly being 
unpatentable over Shcrer (U.S. Patent No, 6,115,376)in view of Stem (U.S, Patent No. 
5,935,249) and further in view of Frnntz (U.S. Patent No. 6,697,943 Bl). 

Tlic Examiner rejected claim 14 under 35 U.S.C. 103(a) ^ allegedly being unpatentable 
over Sherer (U.S. Potent No. 6,1 1 5,376) in view of Stem (U.S. Patent No. 5,935,249) and further 
in view of Frant/ (U.S. Patent No. 6,697,943 Bl) and ftirthcr in view of Glawitsch (U.S. Patent 
No. 6,772,334 Bl). 

AppHcanls respectfully contend that the Examiner has not provided any argument 
supporting the rejection of claims 10-12 and 17-19. Applicants respectfully request that the 
Examhicr cither provide arguments supporting the rejection of claims 10-12 and 17-19, or 
else indicate that claims 10-12 and 17-19 arc anowal)le. 

Applicants respectfully traverse the §103(a) rejections with the following arguments;. 
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35 IJ.S.g 81 03faV Claim 1 

'ITic Examiner rejected claim 1 under 35 U.S.C. § 103(a) as allegedly being unpatentable 
over Sljcrer (U.S. Patent No. 6,1 15,376) in view of Glawitsch (U.S. Patent No. 6,772,334 Bl) 
and furtlicr in view of Frantz (U.S. Patent No, 6,697,943 Bl). 

With regard to claim 1, Applicants respectruUy contend that claim 1 is not unpatentable 
over Shcrcr in view of Glawitsch and further in view of Fmntz, because Sheror in view of 
Glawitsch and further in view of Frantz docs not teach or suggest each and evciy feature of claim 
1. 

A first reason why claim I is not unpatentable over Sherer in view of Glawitsch and 
further in view of Frantz is that Sherer in view of Glawitsch and further in view of Frantz does 
not teach or suggest the feature: "receiving a message by the network-addressable device from a 
target of a denial of sci-vice attack by the 5;poonng vandal, said attack comprising a denial of 
service communication sent by the spoofing vandal to the target; [and] detecting, by the nctwork- 
adtlrcasable device, a communication protocol violation consequent to the message, wherein the 
communication protocol violation is indicative of the denial of service attack on tl\e target by the 
spoofing vandal using an identity of the network-addressable device in the denial of service 
conimunication, said detecting being pcrfonncd after said receiving has been performed". 

Applicants note that in claim 1, the target receives the message before the detecting step 
is pcrfonncd, whereas in Glawitsch the target does not receive the message until after the 
detection step bas been perlbrmed and until after tlie detecting step authenticates a request for a 
session between a client and a server (sec Glawitsch, col. 9, Imes 65-67; col. 3, lines 32-34). 
The purpose of Glawitsch's invention is prevent the target from "running out of state** (i.e., 

09/849,697 9 



PA(£1(V17'RCVDAT6/29/200511:44:03 AM [Eastern Daylight Tirn^^ 



JUN-29-05 WED 11:10 AM 



FAX NO. 



P. 11 



exhausting resources for communtcating with olher servers or clients) (sec Glawitsch, col 2, 
lines 30-47). Glawitsch's invention accomplishes this objective by performing the fliiee-way 
handshake (SYN, SYN-ACK, ACK) in behalf of the victim before the victim receives the 
message. Thus, Glavvitsch teaches away from tlic message being received by the target before the 
detecting step is performed. 

Moreover, in claim 1 the network-addressable device performs the detecting step, and the 
identity of the network-addressable device ts used by the vandal to effectuate the communication ' 
protocol violation consequent to the message, whereas in Glawitsch a firewall ixrfomis the 
detecting step, and the identity of the firewall is not used by the vandal to eflccluate the 
cummunictvtion protocol violation consequent to the message. 

Also, Shcrer does not teach that ihe vandal is engaged in a denial of service attack on the 
victim, as acknowledged by the Examiner, Based on tlic preceding discussion^ Glawitsch^s 
method of dealing with a denial of service attack is incompatible with claim I . Therefore, it is 
not obvious to modify Sherer by the alleged teaching of Glawitsch. 

A second reason why claim 1 is not unpatentable over Sherer in view of Glawitsch and 
further in view of Frant/. is that Sherer in view of Glawitsch and further in view of Frantz does 
not teach or suggest the feature: ''gejicrating, by the network-addressable device, a spoofing alert 
responsive to the act of detecting the communication protocol violation." 

The Examiner argues: "Shcrer and Glawitsch, however do not explicitly teach generating 
a spoofing alert upon detection of protocol violation. Referring to claim 1, Lranz teaches 
generating spoof control packet, setting the alerts and discarding .the packets (sec abstract and 
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Fig. 3, blocks 340 and 399). Therefore, at the time the invention was made, it would have been 
obvious to one of ordinary skill in the art to use a system for address aulhcnlication having 
functionalily for dclermining wcalhca* the protocol violation is a denial of service attack by the 
spoofer using address of a network device and generating a spoofing alert as taught in Franlz. 
One of ordinary skill in the art would have been motivated to use a system for address 
authentication having functionality for determining weather the protocol violation is a denial of 
service attack by the spoofer using addre.ss of a network device and generating a spoofing alert a^? 
tiiiJglU in Frantz for discarding the packet (sec Frantz, Fig.5)." 

In response, Applicants acknowledge that Franz teaches discarding the packet. However, 
Applicants respectfully contend Uiat; (I) discai-ding the packet is not a spoofing alert; and (2) 
Franz docs not teach or suggest generating a spoofing alert for discarding the packet. 



n 
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35 U.S.C. §L03fa^! Claims 2-13 and 15-21 

The Examiner rejected claims 2-13 and 15-21 under 35 U.S.C, § 103(a) as allegedly being 
ujipatentablc over Shcrer (U»S. Patent No. 6,1 15,376) in view of Stem (U.S. Patent No. 
5,935,249) and further in view of l-rantz (U.S. Patent No. 6,697,943 Bl). 

Since claims 4-6, 9, 13-14, 16, and 20-21 have been eaneelcd, the rejection of claims 4-6, 
9, 13-14, 16, and 20-2 1 under 35 US.C, § 103(a) is moot. 

Since claims 7-8 have been a)nendc<l to depend from new claim 22, the rejection of 
claims 7-S under 35 U,S,C\ §103(a>is moot. 

With regard to claim 2, Applicants respectfully contend that claim 2 is not unpatentable 
over Shcrer in view of Stem and fiirthcr in view of Frantz. 

A first reason why claim 2 is not unpatentable over Sherer iii view of Stern and further in 
view of Frantz is that Shcrer in view of Stem and further in view of Frantz does not leach or 
suggest the feature: "receiving a message by the network-addressable device; [and] detecting a 
communication protocol violation consequent to the mcssagCj wherein the communication 
protocol violation is indicative of activity of a spooOng vandal using the identity of the 
nelwovk-nddrcssahic device in an attack on a targcf ' (emphasis added). 

'J'he Examiner argues: "tl^e limitation "receiving a message by the network-addressable 
device" is met by a packet (102 In Fig 4.), which is transmitted to interconnection device (100)." 

In response. Applicant note that the Examiner has idcntined the intcrconneclion device 
100 of Shcrer as allegedly representing the network-addressable device of claim 2. Therefore, 
antecedent basis considerations in the preceding feature of claim 2 require a disclosure by Shcrer 
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tlint the commuiiicntion protocol violation is indicative of activity of a spoofing vandal using the 
identity of tlic hilcrconncctinn device 100 in an altack on a target. Applicants contend that 
Shcrer docs not disclose that the communication protocol violation is indicative of activity of a 
spoofing vandal using (he idcnllly of the interconnection device 100 in an attaclc on a target, 

as required by claim 2. Tiic I2xamincr*s argument has not even addressed the issue of whether 
Shorer discloses '"using the identity of the network-addressable device in an attack on a target". 
Tlicrcfore, claim 2 is not unpatentable over Sherer in view of Stern and fuilhcr in view of Frantz. 

A second reason why claim 2 is not unpatentable over Shcrcr in view of Stent and further 
in view of Franlz is tlmt Shcrcr in view of Stern and further in view of Frontz does not teach or 
suggest The feature; ^'advancing the value of a counter associated with the target". Although the 
Examiner alleges that Stern teaches a counter for storing a counter value, the Examiner docs not 
allege that Stem teaches '^advancing tlic counter" as required by claim 2, Indeed, rather than 
teaching ''advancing tlic counter". Stem teaches the very opposite, namely "decrementing" the 
counter. See Stern, col, 16, line 36. Therefore, claim 2 is not unpatentable over Shcrcr in view 
of Stern and ftirthcr in view of Frant/, 

A third reason why claim 2 is not impatentable over Shcrer in view of Stem and tijither in 
view of Frantz is that Shcrcr in view of Stem and further in view of Frantz docs not teach or 
suggest Ihe feature; "generating a spoofing alert when the value of the counter exceeds the 
threshold". Intlecd, none of die references cited by the Examiner teach the preceding feature of 
claim 2. Therefore, claim 2 is not unpatentable over Sherer in view of Stem and further in view 
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of Fran I/. 

A fourth reason why claim 2 i$ not unpatentable over Shcrcr in view of Stem and further 
in view of Frantz is that the Examiner's arguments for modifying Shcrer by the alleged teaching 
of Stern and Franz is not persuasive. 

The Examiner argues: ^Therefore at the time the invention was made, it would have been 
obvious to one of ordinary skill in the art, to modify a system for access control address 
aulli en Li cation oF Shcrcr by using the counter and comparing the value of the counter with the 
threshold as taugjit in Stem and generating a spoofing alert as taught in Frantz. One of ordinary 
skill in the art would have been motivated to modify a system for access control address 
aiitlicntication by using the counter and comparing the value of llic counter with the thrciihokl as 
taught in Stem for issuing iJtc authorization command (sec Stem column 16, lines 39-40) and 
{i(encr;Uing a spooling alcrl as taught in Frantz for discarding the packet (sec Frantz^ Fig.5)" 
(emphasis added). 

In i-csponsc, Applicant respectfully contend that the Examiner^s suggested modification 
of Shcrcr (i.e., "using the counter and comparing the value of the counter with the threshold ") 
docs no more tlian provide alleged advantages to Shcrcr's invention which already exists in 
Shcrcr's invention without a counter The advantages allegedly promoted by the modification of 
Shcrer include "generating a spoofing alert" and "discarding the packet". However, Shcrcr 
discloses in coL 6, lines 37-45: ''If the MAC address is not authorized, then the packet is 
bloclccd, and the port is disabled or other action is taken to prevent that end station from 
accessing the layer two fabric of the network, I^urther, a notification message can be sent to a 
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network ninnagcmcnt station, indicating that a failed authentication occurred" (emphasis 
added). Thus, Shcrcr docs not have any use for the counter because Shcrcr already discloses 
(wathout need of a counter): blocking the packet and sending a noUfication message to a network 
niiinagcment station, llicrcfore, modifying Sherer by adding a counter to Slierer's invention adds 
unnecessary complexity and unnecessary processing time to Shcrer's invention. 

In other words, the Exainincr*s suggested modification of Sherer degrades Qie 
performance of Shcrer's method without (ulding anything of value to Shcrer's method. 
Accordingly, Applicant respectfully contend that the Examiner has not established a prima facie 
case ofobviousncss in relation to claim 2. 'llicrcfore, claim 2 is not unpatentable over Sherer in 
view of Stci'n and further in view of Frantz. 

Based on the preceding arguments. Applicants respectfully maintain tliat claim 2 is not 
Lmpatciitable over Shcrcr in view of Stem and further in view of Prantz, and dial claim 2 is in 
condition for allowance. Since claims 3, 10-12, 15, and 17-19 depend from claim 2, Applicants 
rcspectflilly contend that claims 3, 10-12, 15, and 17-19 are likewise in condition for allowance. 

It\ addition, Applicants respectfully contend that the Examiner has not provided uny 
argvnncnt supporting the rejection of claims 10-12 and 17-19. Accordingly, the Examiner has not 
established a prima facie ease of obviousness in relation to claims 10-12 and 17-19. 
Applicants respectfully request tliat the Examiner cither provide arguments supporting the 
rejection of claims 10-12 and 17-19, or else indicate that claims 10-12 and 17-19 arc allowable. 
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CONCI.USION 



Uascd on the preceding arguments. Applicants respectfully believe tliat all pending claims 
and the entire Hpplication meet the acceptance criteria for allowance ajid therefore request 
favorable action. If the Examiner believes that anything further would be helpfbl to place the 
opplicalion in belter condition for allowance. Applicants invites the ExamTner to contact 
Applicants' representative ut the telqihone number listed below. The Director is hereby 
authori/al to charge and/or crcdit Deposit Account 09-0457, 





Jack P. Friedman 
Registration No. 44,688 



Schmciscr, Olscn & Watts 
3 Lear Jet Twano, Suite 201 
Latlinm, New York ! 21] 0 
(518) 220-1850 
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